Comparing syslogd, syslog-ng OSE 3.2, and syslog-ng PE 4.0

The syslogd, syslog-ng OSE 3.2, syslog-ng PE 4.0, and SSB 2.0 comparison table

The following table summarizes the main differences between the syslogd, syslog-ng Open Source Edition (OSE), and syslog-ng Premium Edition (PE) syslog applications, and the syslog-ng Store Box (SSB) log server appliance. For a more in-depth technical comparison, see the detailed feature comparison between syslogd, syslog-ng OSE, and syslog-ng PE.

syslogd syslog-ng OSE syslog-ng PE syslog-ng Store Box
Reliable message transfer using TCP -
Content-based message filtering -
Use macros to dynamically create target files, directories, and database tables -
IPv6 support OS dependent -
Direct output to database -
Encrypted message transfer (TLS support) -
Support for the latest IETF syslog protocol standard -
Message parsing and rewriting -
Encrypted, signed, timestamped log storage - -
Disk-based buffering - -
Handle and process multi-line messages - - -
Client-side failover - - -
Tag messages -
Identify and classify log messages using pattern matching -
Extract data as name-value pairs from identified messages -
Add custom metadata to identified messages -
Integrated, real-time message correlation - - -
Ability to trigger actions for identified messages - - -
Collect process accounting logs on Linux - - -
Message-rate control -
Collect detailed statistics about the processed messages based on host, destination, message class, and so on -
Windows support - -
Hardware appliance - - -
Web-based management interface - - -
High-availability support - - -
Integrated log browsing and searching interface - - -
Customizable reporting capabilities - - -

What does syslog-ng PE offer over syslogd?

The syslogd application is the standard system logging application used by network devices like switches and routers, as well as servers running operating systems based on Unix, including Linux, HP-UX, BSD, Solaris, and AIX, but excluding Microsoft Windows. The implementations of syslogd on the different operating systems are in part system-specific, while syslog-ng is more portable, using the same codebase on every platform. Regarding reliability, syslogd does nothing to ensure that the sent messages actually arrive at the server. It uses the unreliable UDP network protocol, meaning that messages can get lost on the network without the sender or the server ever noticing. Additionally, syslogd simply drops messages when the server is unavailable or overloaded. It cannot encrypt the messages, and the server can output the logs only into text files. The syslog-ng application offers improved reliability and powerful message processing capabilities, as well as several other features, and optional vendor support.

What does syslog-ng PE offer over syslog-ng OSE?

The syslog-ng Open Source Edition (syslog-ng OSE) application is the most popular and widespread alternative system logging application used in the world, having replaced syslogd on tens of thousands of systems. It has several features surpassing syslogd, including reliable message transfer using the TCP protocol, secure message transfer using TLS, the ability to send log messages directly to an SQL database like MySQL or PostgreSQL, and the ability to control the flow of messages to handle minor server outages. But only syslog-ng PE has the more advanced features of buffering messages on the hard disk, storing messages in encrypted log files, reading messages from arbitrary files, and supporting the Microsoft Windows and IBM System i operating systems.

The following table summarizes the main differences between the syslogd, syslog-ng Open Source Edition (OSE), and syslog-ng Premium Edition (PE). For a more in-depth technical comparison, see the detailed feature comparison between syslogd, syslog-ng OSE, and syslog-ng PE.

If you want to see the cost benefits of syslog-ng PE usage over syslog-ng OSE, please try our ROI calculator.

What does syslog-ng Store Box offer over other versions?

The syslog-ng Store Box (SSB) is a central log server appliance. It is built around syslog-ng PE, and offers a complete turn-key solution for managing your logs, including log collection, encrypted storage, automatic archiving, and backups. SSB is managed from a web interface offering powerful log searching, browsing, and reporting capabilities, as well as high-availability support. For details, see the syslog-ng Store Box product page.

What does syslog-ng offer over rsyslog?

Another popular syslog implementation is rsyslog. While it is often used as an easy upgrade path from traditional syslogd, there are many reasons to change to syslog-ng instead. The syslog-ng application has a well-structured configuration format, support for a wider diversity of platforms, and real-time message classification and correlation, and all of these features are very well documented. For a more in-depth comparison, see the detailed comparison between rsyslog and syslog-ng.
